Mobile devices such as smart phones, cellular phones, netbooks, pad computers, tablet computers and laptop computers can contain a wealth of private information of the user or owner. Some of this information is intentionally stored in the mobile device and is known to be there by the user or owner, while other information is stored in the device due to the manner in which certain components operate without the user or owner necessarily knowing it is there. Examples of the former are passwords and passcodes which the user authorizes or configures the device to store and use on behalf of the user. Example of the latter include data which is stored by the device by virtue of its operation, such as information stored in a cache memory.
Because these types of mobile devices are often expensive, they have intrinsic value to thieves for possible resale of the device itself, and they also present an opportune target for identity theft due to the information they contain.
In the case of theft of such a mobile device, passwords stored on a device can be cracked allowing the thief to steal any of the information. One current approach to solve this problem is locking the device with a master password which must be entered in order to access or use the device. Incorrect entry of the master password can trigger deletion of the confidential information stored by the device. This prevents access of the confidential data by anyone who cracks the password.
However, the requirement to enter such a password prior to use, and the optional requirement to intentionally lock the device by the user between uses, can be annoying to users that don't want to have to type in a long password in order to use the phone. This inconvenience leads to many users bypassing or not installing this additional security mechanism.
With the increasing trend in consumerization of devices used by employees to perform their business function, such mobile devices increasingly store corporate confidential information as well as personal confidential information, such as phone lists, email addresses, passwords to log into virtual private networks, certificates to authenticate the user to certain enterprise operations such as reviewing customer orders, accessing financial data, etc.
However, Information Technology departments are finding it increasingly difficult to enforce security policy in the same way they can on company-owned computing devices. Users want to be able to use their own personal or private device for business use without the hassle of having to enter a password every time they want to unlock the phone.